OSCE Reaffirms that Cyberattack May Be Equivalent to an Act of Aggression

The OSCE Parliamentary Assembly (OSCE PA) adopted the 2017 Minsk Declaration with a focus on recommendations for peace and prosperity to national governments, parliaments and the international community to help shape policies in the fields of political affairs, security, economics, the environment, and human rights. This year’s meeting was held in Minsk from 5 to 9 July 2017.

The emphasis of this meeting of the Parliamentary Assembly was clearly on emerging issues within the field of political affairs and security in general, and not only on emerging cyber issues, but it covered several cyber aspects. Within the declaration, it notes with concern the ongoing security challenges throughout the OSCE region, including cybersecurity threats, but the document lacks thorough detail on current threats. It urges that measures be taken to enhance cybersecurity between states, to prevent tension and conflict stemming from the use of information and communication technologies, and to protect critical infrastructure from cyber threats, including by strengthening the implementation of the OSCE’s confidence building measures in the area of cyber security, and facilitating co-operation among the competent national bodies and law enforcement agencies.

OSCE PA also reaffirmed the AstanaDeclaration of 2008 and the Oslo Declaration of 2010 which deal with cybercrime and cyber security. One of the most prominent issues in the current declaration is that the OSCE PA recognises that cyber attacks against vital state and commercial infrastructure are equivalent in nature to those of a conventional act of aggression.

Advances in the field of ICT causes changes in all aspects of life

The OSCE PA also underlines, that the rapid advances in digitalization are causing fundamental changes in all aspects of life, and the potential consequences of which require comprehensive discussion at national and international levels. Digital Developments with regard not only to security but also in relation to democratic societies as a whole have to be well observed. It is also recognised that currently the attempt by some governments to supress dissent and to control public communications through measures such as repressive rules regarding the establishment and operation of media outlets and websites and unduly restrictive laws on content. Technical control over digital technologies such as blocking, filtering, jamming and closing down digital spaces is also a worrying issue.

The declaration also covers the observation of new voting technologies and stresses the importance of preserving the secrecy of the ballot when digital voting takes place, the setting should be secure through the use of encryption or other necessary means of digital security. In this context it was highlighted, that the importance of maintaining credible elections by making source code and other information regarding the election process available so that an increased level of transparency and credibility can be maintained was also stressed. Participating states are encouraged to engage in an international exchange of ideas and methods concerning new voting technologies and their effects on democracy.

Another worrying aspect of the advances in the field of ICT is the growing number of child pornography. In this context the participating states were called on to work with the private sector on requirements for and the implementation of modern verification technologies for access to pornographic websites, thus preventing child exploitation, and to work closely with social media platforms to protect children from pornographic content and grooming by traffickers for commercial sexual exploitation.

Conclusion

The focus of the recent OSCE PA was clearly not on cyber security issues, but covered also other important aspects of information communication technology (ICT) issues. The OSCE picked up solely the cyber topic in their statement on confidence-building measures in cyberspace in March 2016.

Torsten Corall

This publication does not necessarily reflect the policy or the opinion of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre) or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication.